Hi Francois, Le samedi 22 mars 2008 à 22:29 +1300, Francois Marier a écrit : > On 2008-03-22 at 09:49:53, Julien Valroff wrote: > > You can add the 'hashes' test to the DISABLE_TESTS option in > > rkhunter.conf. > > Great, it's lightning fast now and it's not completely disabled. > > So, here's a small packaging suggestion. In the > /etc/apt/apt.conf.d/90rkhunter post-invoke script, how about this: > > if hashes is disabled (but not properties) > or if properties is enabled (but not hashes) > then run: > rkhunter --propupd --hash NONE > instead of > rkhunter --propupd
I first thought it was a good idea, but the answer of the upstream developer to the bug report lets me think it isn't a good idea to use the attributes test without the hashes test. Would you please check his comment at https://sourceforge.net/tracker/?func=detail&atid=794190&aid=1922881&group_id=155034 Note that I changed yesterday the default value of PKGMGR to be dpkg instead of none, but it seems it is even slower for updating the database: Using DPKG: athyr:~/# time rkhunter --propupd [ Rootkit Hunter version 1.3.2 ] File updated: searched for 154 files, found 130 real 0m21.677s user 0m13.697s sys 0m7.776s Using NONE: athyr:~/# time rkhunter --propupd [ Rootkit Hunter version 1.3.2 ] File updated: searched for 154 files, found 130 real 0m6.859s user 0m1.572s sys 0m3.408s I will hence revert my commit and let the admin choose what is the best for him. Maybe you could try setting 'NONE' if you had previously changed to dpkg ? Cheers, Julien
